PetitPotam attack attempts to force the DC$ machine account in order to authenticate with the Active Directory Certificate Services and request for a certificate. This certificate can be imported into the current session of the user in order to request an elevated TGT from Kerberos and therefore elevate privileges from standard user to domain admin.
Article: [ Ссылка ]
